Law firm cyber security is a hot topic at the moment. This has led to professional indemnity insurers offering policies or bolt-ons to give cover.
The insurance question came to the fore recently when the Law Society of Scotland appointed Lockton as its Master Broker. Lockton’s Master Policy Professional Indemnity proposal form clearly requests information on your cyber security measures.
Although the cyber information request is supplementary, it raises a variety of questions. The answers to these questions are often unknown in many law firms.
Judging from the Lockton questionnaire, these are the key questions you’ll need to answer:
The questions affect different aspects of your business, not least your practice management software. Let’s take each in turn and offer a little guidance.
If you use on-premise servers, the responsibility for backing up your data is in your own hands. Generally, you should take backups daily and remove the backup media from your premises or place it in a fire-proof location. Alternatively, you can use a cloud-based backup solution.
Storing your data and hosting your practice management software on a cloud-based platform is a different matter. Backups are automatic. Your cloud service provider will be able to tell you of frequencies and security measures. For example, LawCloud is backed up at several times daily and in triplicate.
Again, if you use your own servers, you will have to develop robust systems for implementing and maintaining these. As a rule of thumb, you should update anti-virus definitions and firewalls immediately updates become available.
For Cloud users, it’s straightforward. For example, LawCloud anti-virus is updated daily. We update firewall (firmware or operating software) when suppliers release patches and according to our hosts’ patch policy.
With a cloud-based system, you have little need to remove data. Your connection between your device and the datacentre will be encrypted (by SSL).
Once again, non-cloud systems are only as secure as your own operating procedures and protocols.
Again, this is down to your own internal systems. However, we have published a series of resource articles on this subject. You can read them on the following links:
This also is down to your own internal protocols and procedures. However, if you feel these may need a little upgrading, it is worth reading this article as a salutary tale: Fraudulent bank calls to law firms – how to protect yourself.
For the cloud, datacentres should prioritise the patching of internal systems by role, importance and location in the network. It should automatically deploy and manage patches where appropriate. At LawWare, in addition to this, we update each LawCloud server ourselves. We do this for updates released for Microsoft operating systems and all application software used on the cloud.
We test these on a test server before rolling them out to all servers. Assuming all updates pass our compatibility test, we apply them within three days of passing the test. Microsoft releases security updates at least monthly; other vendors’ timescales differ.
Yet again, if you are not on the cloud, your own IT team are responsible for the management of patches.
You should have ready access to all anti-virus and business critical software supplier details if you are using your own server and IT infrastructure. For the cloud, your cloud service provider should be able to provide them for you readily.
LawWare has a detailed policy on cyber-security responsibilities. You can view it by clicking the link below.
© LawWare Limited 1995-2019
Our clients range from small start-up legal practices to multi-partner, multi-site firms.
Another great customer service experience from LawWare. My laptop had to be stripped back to factory settings as part of a repair - taking hours! In contrast, restoring LawWare took one phone call to the support team and I was up and running in 6 minutes. If only everything was so easy!
As the first commercial user of LawWare back in 1998, we have had no hesitation in remaining with the product through its development. We thoroughly recommend it to any firm looking for a practice management system.
The helpdesk is exceptionally good. Whatever the query there is always a human being there to help. No leaving messages or being advised to go to a website. The best computer service for solicitors I have ever used!
The linking of documents and casefiles saves so much time! I have experience of several accounts packages and I like that LawWare is simple to use and easy to learn. Support is quick and effective and staff are helpful and courteous.
I have worked with a number of Case Management providers over the years but have not come across anything with the attention to detail and thoroughness of LawWare. My colleagues and I have not been disappointed.
I can’t imagine trying to be a law firm in the 21st Century without 21st Century IT systems. Having a ‘single system’ that underpins all the work, whether we are in the office or out, is an integral part of what we are building.
The level of support is the main benefit using this system. The system itself once you have had training is simple and easy to use. We have a great relationship with LawWare and the ongoing support is second to none.
Significant preparation was required to configure and import the data from our old firm. We had to get all clients onto the new system and then learn how to use it. We just find it very easy to use, much easier than our old system.
Being a busy litigator with a growing firm it is incredibly useful to be able to view my files from any location with some form of internet connection. I am a fan, and want to keep working with LawWare to make a good product great.
The switch to the new LawCloud system, which is still on-going, has gone very well. We found the LawWare team without exception to be very helpful and knowledgeable. All queries are followed up and dealt with promptly.